RPC encryption

[Gerrrr]

Following the discussion at #469, this PR enables RPC encryption.
Most of the code is taken from Consul codebase.

New general options:

• verify_incoming
• verify_outgoing
• ca_file
• cert_file
• key_file
• domain

Example configuration:

server.hcl

verify_incoming = true
verify_outgoing = true

ca_file = "/opt/gopath/src/github.com/hashicorp/nomad/config/certs/root/ca.cert"
cert_file = "/opt/gopath/src/github.com/hashicorp/nomad/config/certs/server.global.nomad/server.cert"
key_file = "/opt/gopath/src/github.com/hashicorp/nomad/config/certs/server.global.nomad/server.key"

data_dir = "/var/lib/nomad"
server {
    enabled = true
    bootstrap_expect = 3
    start_join = ["172.28.128.3", "172.28.128.4", "172.28.128.5"]
}

server01.hcl

bind_addr = "172.28.128.3"

server02.hcl

bind_addr = "172.28.128.4"

server03.hcl

bind_addr = "172.28.128.5"

Issues
I am not sure about the domain option since it is not used anywhere but during certificate verification. If you have an idea for a certificate hostname format, I am happy to remove domain and change it accordingly.

[diptanu]

@Gerrrr Thanks! Is this PR ready for review? I see that you have been pushing commits after opening the PR, please let me know when it is ready for review.

[Gerrrr]

Hi @diptanu,

Yes, this PR is ready for review now.

[dadgar]

Thanks @Gerrrr. Closing in favor of #1853

[github-actions]

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.